CVE-2020-12527

Description

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

Helmholz / myREX242 – 2.11.2
Helmholz / myREX24.virtual2.11.2 – 2.11.2
MB connect line / mbCONNECT242.6.2 – 2.11.2
MB connect line / mymbCONNECT242.6.2 – 2.11.2

References

VENDOR_ADVISORYhttps://cert.vde.com/en/advisories/VDE-2021-003
VENDOR_ADVISORYhttps://cert.vde.com/en/advisories/VDE-2022-039